From 046b063e73e6f2a1bb0e2e1e654ed777b5276edc Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Mon, 5 Oct 2015 09:39:29 -0400
Subject: HBAC: remove misleading comment about deny rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

HBAC deny rules are no longer supported. This comment should have
been removed as part of 'Remove HBAC DENY rules from SSSD'

https://fedorahosted.org/sssd/ticket/912

Reviewed-by: Michal Židek <mzidek@redhat.com>
---
 src/providers/ipa/hbac_evaluator.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/providers/ipa/hbac_evaluator.c b/src/providers/ipa/hbac_evaluator.c
index 28d802bc1..a4973045d 100644
--- a/src/providers/ipa/hbac_evaluator.c
+++ b/src/providers/ipa/hbac_evaluator.c
@@ -169,10 +169,6 @@ enum hbac_eval_result hbac_evaluate(struct hbac_rule **rules,
                        rules[i]->name);
             continue;
         } else if (intermediate_result == HBAC_EVAL_MATCHED) {
-            /* This request matched an ALLOW rule
-             * Set the result to ALLOW but continue checking
-             * the other rules in case a DENY rule trumps it.
-             */
             HBAC_DEBUG(HBAC_DBG_INFO, "ALLOWED by rule [%s].\n", rules[i]->name);
             result = HBAC_EVAL_ALLOW;
             if (info) {
-- 
cgit